Make gems not world writable

Signed-off-by: Jay Mundrawala <jay@thechamberofunderstanding.com>
inspec · Jan 18, 2019 · 257c8d7 · 257c8d7
1 parent e6abd1b
commit 257c8d7
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/habitat/plan.sh b/habitat/plan.sh
@@ -47,6 +47,10 @@ do_install() {
   popd
 
   wrap_inspec_bin
+
+  # Certain gems (timeliness) are getting installed with world writable files
+  # This is removing write bits for group and other.
+  find "$GEM_HOME" -xdev -perm -0002 -type f -print 2>/dev/null | xargs -I '{}' chmod go-w '{}'
 }
 
 # Need to wrap the InSpec binary to ensure paths are correct